private servers sharing common root

Mark Lane lmlane-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
Thu Jun 24 16:02:54 UTC 2010


On Thu, Jun 24, 2010 at 10:32 AM, teddy <teddy-5sHjOODPK7E at public.gmane.org> wrote:
>
> See a setup where they are building a lot of new servers.
> To enable scripts and automation they all share a common root password.
>
> I have learned that the same passwords on multiple servers, especially
> the same root password is a recipe for an insane amount of work,
> especially if there is a security breach. Because ALL the servers with
> the common password must be considered compromised.
>
> Now in this instance, these are private servers, not available to the
> outside public. They are relatively safe and secure. Nevertheless, if a
> security breach does occur they are all considered compromised.
>
> Can a bash script that sets up a common root password, somehow operate
> on servers with different root passwds?
>
> (Sorry if it sounds confusing. I am confused too at this time)
> Perhaps in a few days I can repost with a clearer picture :)
>

Yes, you can script a different password for each server. I have seen a
password store used where the passwords for different resources were
in individual files and only users/scripts with the correct
permissions could read them. You can also use ssh keys.

However, why do you need to log in as root to administer the box? You
could just use sudo or create a less privileged user to do your
administration. How are these servers authenticating? Are they using
shared authentication through LDAP or NIS?


-- 
Mark Lane <lmlane-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org>
--
The Toronto Linux Users Group.      Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
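
The file-per-resource password store mentioned in the reply above, sketched
as an added example (not code from the thread). STORE_DIR, the
one-file-per-host layout and the function names are assumptions.

```shell
#!/bin/sh
# Added example: per-host secret lookup from a file-based store.
# Assumed layout: $STORE_DIR/<hostname>, first line holds the secret.
STORE_DIR="${STORE_DIR:-/etc/pwstore}"

# Print the secret for host $1; non-zero status and no output on failure.
get_host_secret() {
    host=$1
    # Reject empty names and names that could escape the store directory.
    case $host in
        ''|.*|*[!A-Za-z0-9._-]*) echo "bad host name" >&2; return 2 ;;
    esac
    file="$STORE_DIR/$host"
    # Must be a regular file, not a symlink, owned by the calling user.
    if [ -L "$file" ] || [ ! -f "$file" ] || [ ! -O "$file" ]; then
        echo "no usable entry for $host" >&2; return 3
    fi
    # Characters 5-10 of the ls mode string are the group/other bits;
    # any bit set there means another account can read or alter the secret.
    mode=$(ls -ld "$file" | cut -c5-10)
    if [ "$mode" != "------" ]; then
        echo "refusing $file: group/other access ($mode)" >&2; return 4
    fi
    # Read the first line only; an empty entry is treated as an error.
    IFS= read -r secret < "$file" || [ -n "$secret" ] || return 5
    printf '%s\n' "$secret"
}

# Audit helper: print each host whose entry is missing or unsafe.
# Returns 1 if any host was printed, 0 if every entry is usable.
audit_store() {
    bad=0
    for h in "$@"; do
        get_host_secret "$h" >/dev/null 2>&1 || { echo "$h"; bad=1; }
    done
    return $bad
}
```

An automation script would call get_host_secret once per server instead of
embedding one shared password, so a leaked entry exposes a single host.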




